sec_rgy_plcy_get_effective(3sec)
Returns the effective policy for an organization
Synopsis
#include <dce/policy.h>
void sec_rgy_plcy_get_effective(
sec_rgy_handle_t context,
sec_rgy_name_t organization,
sec_rgy_plcy_t *policy_data,
error_status_t *status);
Parameters
Input
context
An opaque handle bound to a registry server. Use sec_rgy_site_open( ) to acquire a bound handle.
organization
A character string (type sec_rgy_name_t) containing the name of the organization for which the policy data is to be returned. If this string is empty, the
routine returns the registry's policy data.
Output
policy_data
A pointer to the sec_rgy_plcy_t structure to receive the authentication policy. This structure contains the minimum length of a user's password, the
lifetime of a password, the expiration date of a password, the lifetime of the entire account, and some flags describing limitations on the password spelling.
status
A pointer to the completion status. On successful completion, the routine returns error_status_ok. Otherwise, it returns an error.
Description
The sec_rgy_plcy_get_effective( ) routine returns the effective policy for the specified organization.
The effective policy data is the most restrictive combination of the registry and the organization policies.
The policy data consists of the following:
· The password expiration date. This is the date on which account passwords will expire.
· The minimum length allowed for account passwords.
· The period of time (life span) for which account passwords will be valid.
· The period of time (life span) for which accounts will be valid.
· Flags indicating whether account passwords can consist entirely of spaces or entirely of alphanumeric characters.
Permissions Required
The sec_rgy_plcy_get_effective( ) routine requires the r (read) permission on the policy object from which the data is to be
returned. If an organization is specified, the routine also requires the r (read) permission on the organization.
Notes
If no organization is specified, the routine returns the registry's policy data. To return the effective policy, an organization must be specified. This is because the
routine compares the registry's policy data with that of the organization to determine which is more restrictive.
Files
/usr/include/dce/policy.idl
The idl file from which dce/policy.h was derived.
Errors
The following describes a partial list of errors that might be returned. Refer to the OSF DCE Problem Determination Guide for complete descriptions of all error messages.
sec_rgy_object_not_found
The registry server could not find the specified organization.
sec_rgy_server_unavailable
The DCE registry server is unavailable.
error_status_ok
The call was successful.
Related Information
Functions: